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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE MONTH(S) FROM 

THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

• If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 06 July 2004 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) £3 Claim(s) 1-31 and 34-36 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) I3 Claim(s) 22-36 is/are allowed. 

6) ^ Claim(s) 1-11 is/are rejected. 

7) S Claim(s) 12-21 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121 (d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Response to Amendment 

1 . This Office Action is responsive to the amendment filed July 6, 2004, in which claims 1- 
16 and 27,29-31,33,34 and 36 were amended. 

Response to Arguments 

2. Applicant's arguments with respect to all claims have been considered but are moot in 
view of the new ground(s) of rejection. 

3. Claims 1-31 and 34-36 have been examined. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claim 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over US Publication 
NO. 2003/0095726 to Kia et al. in view of US Patent No. 6598027 to Breen, Jr. et al. 

Kia et al. disclose enrolling a multiplicity of users (i.e. merchants and cardholders) with a 
closed authentication infrastructure, wherein enrolling comprises obtaining and verifying the 
identity and other credentials of the multiplicity of users and providing each user with a unique 
secret necessary for later authentication to said online authentication service and storing the 
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verified identity and other credentials in at least one database, authenticating a plurality of the 
multiplicity of users to said on-line authentication service using user's unique secret to produce a 
plurality of authenticated users (see paragraphs [033] and [0393]). Kia et al. do not expressly 
disclose a plurality of groups each group comprising at least two of said plurality of 
authenticated users to conduct interactions comprising a plurality of messages under persistent 
mediation of said online authentication service, such that each of and is directly monitored by 
said online authentication service. Breen, Jr. et al. disclose a plurality of groups each group 
comprising at least two of said plurality of authenticated users to conduct interactions comprising 
a plurality of messages under persistent mediation of said online authentication service, such that 
each of and is directly monitored by said online authentication service (see col. 1, lines 58-67 & 
col. 2, lines 17-35). At the time the invention was made, it would have been obvious to a person 
of ordinary skill in the art to modify the method disclose by Kia et al. to include a plurality of 
groups each group comprising at least two of said plurality of authenticated users to conduct 
interactions comprising a plurality of messages under persistent mediation of said online 
authentication service, such that each of and is directly monitored by said online authentication 
service. One of ordinary skill in the art would have been motivated to do this because it 
monitors users transactions, which is necessary to reduce future disputes. 
6. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over Kia et al. and 
Breen et al. as applied to claim 1 above, and further in view of US Publication No. 
2003/0004894 to Rowney et al. 

Kia et al. discloses an online authentication service (see claim 1 above). Kia et al. do not 
expressly disclose providing each of the at least two users in an interaction verified information 
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about each other user in the interaction in an intelligible form before beginning the interactions, 
whereby each user may decide whether to proceed with an interaction based on the verified 
information provided by the on-line authentication service. Rowney et al. disclose providing 
each of the at least two users in an interaction verified information about each other user in the 
interaction in an intelligible form before beginning the interactions, whereby each user may 
decide whether to proceed with an interaction based on the verified information provided by the 
on-line authentication service (see paragraphs [0080] & [0083]). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to modify the Kia et al. 
to include the step of providing each of the at least two users in an interaction verified 
information about each other user in the interaction in an intelligible form before beginning the 
interactions, whereby each user may decide whether to proceed with an interaction based on the 
verified information provided by the on-line authentication service. One of ordinary skill in the 
art would have been motivated to do this because it eliminates future disputes by reducing 
undesirable interactions. 

7. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Kia et al. and 
Breen, Jr. et al. as applied to claim 1 above, and further in view of US Publication No. 
2004/0128257 to Okamoto et al. 

Kia et al. disclose a persistent mediation method (see claim 1 above). Kia et al. do not 
expressly disclose directly compiling an audit trail of an interaction and making the audit trail 
available to the at least two users in the interaction in an intelligible form at any tie during the 
interaction at the option of the at least two users and wherein the audit trail comprises at least 
some of the content of the plurality of messages in the interaction. Okamoto et al. disclose 
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compiling an audit trail of an interaction and making the audit trail available to the at least two 
users in the interaction in an intelligible form at any tie during the interaction at the option of the 
at least two users and wherein the audit trail comprises at least some of the content of the 
plurality of messages in the interaction (see paragraph [0093]). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to modify the method 
disclose by Kia et al. to include the step of compiling an audit trail. One of ordinary skill in the 
art would have been motivated to do this because it monitors users transactions, which is 
necessary to reduce future disputes. 

8. Claims 4 and 5 are rejected under 35 U.S.C. 103(a) as being unpatentable over Kia et al. 
and Breen, Jr. et al. as applied to claim 1 above, and further in view of "Software Smart Cards 
via Cryptographic Camouflage" to Hoover et al. 

Kia et al. disclose the unique secret comprises a private encryption key and closed 
authentication system (see claim 1 above). Kia et al. do not expressly disclose the closed 
authentications system comprises a pseudo-PKI system of type which cryptographically 
camouflages a user's private encryption key in a software container, whereby the user's 
camouflaged private key will generate a correct response to an authentication challenge if a 
proper access code is entered, but often generates an incorrect but plausible response which if 
used will provide a notice to the on-line authentication service of security attack on the 
camouflaged key. Hoover et al. disclose a pseudo-PKI system of type which cryptographically 
camouflages a user's private encryption key in a software container, whereby the user's 
camouflaged private key will generate a correct response to an authentication challenge if a 
proper access code is entered, but often generates an incorrect but plausible response which if 
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used will provide a notice to the on-line authentication service of security attack on the 
camouflaged key (see entire document). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to modify the method disclose by Kia et al. to 
include a pseudo-PKI system of type which cryptographically camouflages a user's private 
encryption key in a software container, whereby the user's camouflaged private key will generate 
a correct response to an authentication challenge if a proper access code is entered, but often 
generates an incorrect but plausible response which if used will provide a notice to the on-line 
authentication service of security attack on the camouflaged key. One of ordinary skill in the art 
would have been motivated to do this because it provides additional security. 

Referring to claim 5, Kia et al. disclose the method wherein enrolling a multiplicity of 
users further comprises the act of providing each of said multiplicity of users with a public key 
encrypted on a certificate which can only be decrypted using a secret key under exclusive control 
of the on-line authentication service, whereby the pseudo-PKI system operates as a closed 
authentication infrastructure and the online authentication service is capable of authenticating 
users without storing a cryptographic key of the user other than during the act of authenticating 
(see paragraph [0388]). 

9. Claim 1 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over Kia et al. and 
Breen et al in view of Okamoto et al. 

Kia et al disclose enrolling users seeking enrollment in the persistent authentication and 
mediation service, to produce a multiplicity of enrolled users, wherein enrolling comprises 
obtaining and verifying the identity and other credentials of the multiplicity of users and 
providing each user with a unique secret necessary for later authentication to said online 
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persistent authentication and mediation service, storing the verified identity and other credentials 
in at least one database, receiving online requests form enrolled users for authentication to online 
authentication service, authenticating enrolled users seeking authentication to the persistent 
authentication and mediation service using each enrolled user's unique secret, so as to maintain a 
plurality of authenticated users, mediating the interaction among the at least two users of each of 
said plurality of groups of connected users such that each message in the interaction passes 
through the persistent authentication and mediation service (see paragraphs [0388] and [0393]). 
Kia et al. do not expressly disclose receiving request from authenticated users to be connected to 
particular other authenticated users, connecting groups of at least two authenticated users under 
persistent mediation of the persistent authenticated users which are connected to conduct an 
interaction comprising a plurality of messages, repeating act (f) to produce a plurality of groups 
of connected users or directly compiling an audit trail of the interaction and making information 
from the audit trail available to the at least two users of each group of connected users during the 
interaction in an intelligible form wherein the audit trail contains at least some of the content of 
the plurality of messages in the interaction. The steps of receiving requests from authenticated 
users to be connected to particular other authenticated users and repeating act (f) to produce a 
plurality of groups of connected users are inherent step. Okamoto et al. disclose compiling an 
audit trail of an interaction and making the audit trail available to the at least two users in the 
interaction in an intelligible form at any tie during the interaction at the option of the at least two 
users and wherein the audit trail comprises at least some of the content of the plurality of 
messages in the interaction (see paragraph [0093]). At the time the invention was made, it would 
have been obvious to a person of ordinary skill in the art to modify the method disclose by Kia et 
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al. to include the steps of receiving request from authenticated users to be connected to particular 
other authenticated users, connecting groups of at least two authenticated users under persistent 
mediation of the persistent authenticated users which are connected to conduct an interaction 
comprising a plurality of messages, repeating act (f) to produce a plurality of groups of 
connected users or directly compiling an audit trail of the interaction and making information 
from the audit trail available to the at least two users of each group of connected users during the 
interaction in an intelligible form wherein the audit trail contains at least some of the content of 
the plurality of messages in the interaction. One of ordinary skill in the art would have been 
motivated to do this because it monitors users transactions, which is necessary to reduce future 
disputes. 

Allowable Subject Matter 

10. Claims 6-10 are objected to as being dependent upon a rejected base claim, but would be 
allowable if rewritten in independent form including all of the limitations of the base claim and 
any intervening claims (Specifically, the claim 6's limitation). 

1 1 . Claims 12 and 13 objected to as being dependent upon a rejected base claim, but would 
be allowable if rewritten in independent form including all of the limitations of the base claim 
and any intervening claims. 

12. Claims 14-21 are objected to as being dependent upon a rejected base claim, but would 
be allowable if rewritten in independent form including all of the limitations of the base claim 
and any intervening claims (Specifically, the limitations of claim 14). 

13. Claims 22-3 1 and 33-36 are allowed 
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Conclusion 

14. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1. 136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 . 136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is 703-305-0057. The 
examiner can normally be reached on Mondays-Thursdays 8:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on 703-305-9768. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306 for Regular and 
After Final Actions and 703-746-9443 for Non-Official/Draft. 



Application/Control Number: 09/875,088 Page 10 

Art Unit: 3621 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
PO Box 1450 
Alexandria, VA 22313-1450 

Hand delivered responses should be brought to Crystal Park 5, 2451 Crystal Drive, 




